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ABSTRACT 

The  location  of  wireless  devices  and  sensor  nodes  is  a 
critical  input  for  many  location-aware  applications.  Partic¬ 
ularly,  important  tasks  in  tactical  fields,  such  as  monitoring 
the  status  of  soldiers  and  tracking  the  equipments,  all  rely 
on  the  location  information.  However,  adversaries  may  fal¬ 
sify  the  location  information  and  undermine  the  activities 
supported  by  location.  In  this  work,  we  propose  NORM,  a 
decentralized  location  verification  mechanism  for  wireless 
sensor  networks.  To  perform  location  verification,  three 
schemes  are  developed  in  NORM,  namely  Neighbor  Exam¬ 
ination  scheme.  Neighbor  Verification  scheme,  and  Neigh¬ 
bor  Localization  scheme.  Our  simulation  results  provide 
strong  evidence  that  NORM  is  not  only  effective  in  detect¬ 
ing  abnormal  locations  caused  by  both  naive  adversaries  as 
well  as  sophisticated  adversaries,  but  also  robust  when  a 
high  percentage  of  sensor  nodes  are  compromised. 

1  INTRODUCTION 

The  rapid  advancement  in  wireless  technologies  and 
sensor  devices  is  leading  to  a  future  where  wireless  sen¬ 
sors  will  become  pervasively  deployed.  This  makes  loca¬ 
tion  of  wireless  devices  or  sensor  nodes  a  powerful  infor¬ 
mation  source  as  it  is  a  unique  characteristic  of  each  de¬ 
vice.  Thus,  location  can  become  a  critical  input  for  many 
location-aware  applications.  Particularly,  in  tactical  fields, 
important  tasks,  such  as  monitoring  the  status  of  soldiers, 
tracking  the  equipments,  robotic  navigation,  and  detect¬ 
ing  enemy  activities,  all  rely  on  the  location  information. 
There  have  been  a  plethora  of  schemes  developed  recently 
to  localize  sensor  nodes  [Langendoen  and  Reijers  2003; 
Bahl  and  Padmanabhan  2000;  Niculescu  and  Nath  2001; 
Kleisouris  et  al.  2008;  He  et  al.  2003].  However,  the  perfor¬ 
mance  of  the  localization  algorithms  degrades  significantly 


when  the  sensors  are  deployed  in  hostile  environments  or 
are  attacked  by  adversaries  [Chen  et  al.  2006]. 

Although  there  has  been  some  work  in  secure  local¬ 
ization  [Li  et  al.  2005;  Liu  et  al.  2005;  Lazos  and  Pooven- 
dran  2004],  they  only  targeted  to  enhance  the  robustness 
of  localization,  and  adversaries  may  falsify  the  location  in¬ 
formation  by  compromising  sensor  nodes  or  intercepting 
the  location  information  when  it  is  reported.  Compromised 
location  information  is  a  serious  threat  because  of  their  im¬ 
pact  on  critical  tactical  applications,  and  it  is  thus  desir¬ 
able  to  conduct  location  verification  before  it  is  used  by 
location-based  tasks. 

In  this  work,  we  propose  a  method  called  Neighbor 
ObseRvation  Mechanism  (NORM),  for  position  verifica¬ 
tion  of  wireless  devices  and  sensor  nodes.  NORM  is  a 
software  component  deployed  in  each  sensor  node,  and  can 
assist  sensor  information  processing  and  position  verifica¬ 
tion  in  autonomous  systems.  We  investigate  NORM  under 
two  adversarial  models,  a  naive  adversary  and  a  sophisti¬ 
cated  adversary  model.  We  further  develop  three  schemes, 
namely.  Neighbor  Examination  (NE)  scheme.  Neighbor 
Verification  (NV)  scheme,  and  Neighbor  Localization  (NL) 
scheme,  to  detect  the  abnormal  location  caused  by  both  ad¬ 
versarial  models. 

Comparing  with  prior  position  verification  tech¬ 
niques  [Capkun  and  Hubaux  2005;  Du  et  al.  2005],  which 
required  specialized  hardware,  network  deployment  knowl¬ 
edge,  or  a  central  verification  center,  the  main  advantage 
of  NORM  is  that  it  utilizes  the  existing  wireless  network 
infrastructure  without  deployment  knowledge.  Moreover, 
NORM  performs  position  verification  of  a  sensor  node  in  a 
fully  distributed  way  depending  on  the  spatial  consistency 
relationship  inherited  between  a  sensor  node  and  its  neigh¬ 
bors.  Our  simulation  results  demonstrated  the  effectiveness 
of  NORM  in  detecting  abnormal  locations  and  the  robust¬ 
ness  of  NORM  under  the  severity  of  attacks  in  terms  of  the 
percentage  of  compromised  sensor  nodes  in  the  network. 
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We  show  that  different  position  verification  schemes  can 
be  applied  to  different  scenarios  based  on  application  re¬ 
quirements. 

The  remainder  of  the  paper  is  organized  as  follows. 
Section  2  discusses  previous  research  in  localization  and 
position  verification.  We  provide  an  overview  of  our  prob¬ 
lem  and  present  the  adversarial  models  in  Section  3.  We 
then  present  NORM  in  Section  4  and  develop  three  position 
verification  schemes.  To  evaluate  the  effectiveness  and  the 
robustness  of  NORM,  our  simulation  results  are  provided 
in  Section  5.  Finally,  we  conclude  our  work  in  Section  6. 

2  RELATED  WORK 


Recent  research  efforts  have  resulted  in  a  number  of 
localization  algorithms  [Langendoen  and  Reijers  2003]. 
They  can  be  categorized  as  range-based  and  range-free. 
Range-based  algorithms  [Bahl  and  Padmanabhan  2000; 
Kleisouris  et  al.  2008]  involve  distance  calculation  to 
landmarks  with  known  positions  using  the  measurement 
of  various  physical  properties,  whereas  range-free  algo¬ 
rithms  [Niculescu  and  Nath  2001;  He  et  al.  2003]  use 
coarser  metrics  to  place  bounds  on  node  positions.  Fur¬ 
ther,  the  performance  of  the  localization  algorithms  can  be 
corrupted  by  attacks.  [Li  et  al.  2005]  provides  a  broad  sur¬ 
vey  of  potential  physical  attacks  to  localization  schemes. 
Moreover,  secure  localization  mechanisms  are  developed 
to  enhance  the  robustness  of  localization  schemes  [Li  et  al. 
2005;  Liu  et  al.  2005;  Lazos  and  Poovendran  2004] .  Covert 
base  stations  whose  positions  are  not  known  to  the  attacker 
are  employed  in  [Capkun  and  Hubaux  2006]  to  perform  se¬ 
cure  positioning. 

[Sastry  et  al.  2003]  was  the  first  to  propose  secure  ver¬ 
ification  of  location  claims  by  measuring  the  signal  prop¬ 
agation  time.  It  provided  a  foundation  for  securely  us¬ 
ing  location  in  wireless  information  systems.  [Capkun  and 
Hubaux  2005;  Lazos  et  al.  2005]  proposed  Verifiable  Mul- 
tilateration  technique  to  verify  a  sensor’s  location.  This 
method  required  specialized  hardware  to  perform  nanosec¬ 
ond  processing  and  precise  ranging.  [Du  et  al.  2005]  per¬ 
formed  position  verification  based  on  consistency  check 
of  the  observed  neighbors  and  the  network  deployment 
knowledge.  It  assumes  a  highly  dense  network  where 
the  positions  of  the  node  follow  a  Gaussian  distribution, 
which  is  contrary  to  the  structure  of  many  deployed  sys¬ 
tems  where  much  lower  densities  are  typical.  The  work 
that  is  the  closest  to  ours  is  [Y.  Wei  and  Z.  Yu  and  Y. 
Guan  2007],  where  the  information  of  neighboring  nodes 
is  used  to  perform  verification.  However,  a  central  veri¬ 
fication  server  is  needed  to  conduct  location  verification. 
Our  work  is  different  in  that  NORM  is  a  fully  distributed 
position  verification  mechanism  without  using  specialized 
hardware  and  network  deployment  knowledge. 
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Figure  1:  Illustration  of  two  adversarial  models:  a  naive 
adversary  and  a  sophisticated  adversary  model. 

3  PROBLEM  OVERVIEW 

In  this  section,  we  provide  a  high-level  overview  of  our 
problem.  We  then  present  the  two  adversarial  models  that 
affect  the  location  verification  process. 

3.1  Overview 

In  tactical  fields,  sensors  are  usually  deployed  to  per¬ 
form  monitoring  and  tracking.  For  information  processing 
or  data  fusion,  a  sensor  may  need  to  request  data  from  an¬ 
other  sensor.  In  addition  to  the  traditional  identity-based 
authentication,  the  increasingly  ubiquitous  trends  of  the 
wireless  sensor  networks  are  enabling  the  information  ac¬ 
cess  based  on  the  client  sensor  being  in  the  right  place 
at  the  right  time  [Chen  et  al.  2006].  Thus,  to  facilitate 
location-aware  computing  paradigms,  the  access  control  of 
the  information  can  be  extended  from  solely  identity-based 
authentication  and  built  upon  position  verification  of  the 
client  sensor. 

However,  adversaries  (or  enemies)  may  report  incor¬ 
rect  location  information  to  claim  that  they  are  in  the  au¬ 
thorized  region  in  order  to  access  the  restricted  data  in  a 
sensor  node.  The  traditional  approach  for  position  verifi¬ 
cation  is  to  use  a  centralized  server  that  contains  all  the 
location  information  and  can  thus  verify  the  position  of  the 
client  sensor.  This  kind  of  approach  inherently  introduces 
an  issue  related  to  the  location  privacy.  And  consequently, 
sensor  nodes  may  be  tracked  by  the  central  server.  In  addi¬ 
tion,  due  to  environmental  constraints,  the  deployment  of  a 
central  verification  server  is  not  always  possible,  especially 
in  tactical  fields.  As  opposed  to  the  traditional  centralized 
location  verification  methods,  we  propose  NORM,  which 
is  a  decentralized  mechanism  to  perform  position  verifica¬ 
tion  based  on  the  observation  from  the  neighboring  nodes 
of  the  client  sensor.  Thus,  in  NORM,  when  a  sensor  node 
reports  its  location,  it  also  needs  to  send  its  neighbor  list, 
which  will  be  used  to  help  verifying  the  reported  location. 
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3.2  Adversary  Model 

In  this  work,  we  consider  two  adversarial  models,  a 
naive  adversary  and  a  sophisticated  adversary  model.  In 
both  models,  the  adversary  claims  the  position  of  the  com¬ 
promised  sensor  at  P,  while  its  true  position  is  at  Pq.  As 
shown  in  Figure  1,  the  compromised  sensor  node  Sa  ’s  true 
location  is  at  I’o,  but  the  adversary  claims  its  position  is  at 
P. 

For  a  naive  adversary,  it  either  sends  an  arbitrary 
neighbor  list  or  reports  neighbors  of  the  compromised  sen¬ 
sor  node  consistent  with  their  reported  location  P.  Whereas 
for  a  sophisticated  adversary,  it  reports  the  true  neighbors 
around  the  compromised  sensor’s  true  position  Pq  to  trick 
the  system.  For  instance,  in  Figure  1,  the  naive  adversary 
at  the  sensor  node  Sa  reports  P  as  the  position  of  Sa  and 
sends  sensor  nodes  {£5,  Sq,  St,  £§,  £9}  around  location  P 
as  neighboring  nodes  of  Sa,  whereas  the  sophisticated  ad¬ 
versary  sends  the  true  neighbors  of  Sa,  {£1,  £2,  £3,  £4}. 
around  location  /}>. 

If  a  sensor  node  is  compromised,  it  will  not  respond  to 
any  verification  requests  for  confirming  the  observation  of 
other  nodes.  Further,  we  define  an  Anomaly  Distance  (AD) 
as  the  distance  between  the  reported  location  and  the  true 
location  (i.e.  AD  =  ||P— Po||).  We  want  to  design  position 
verification  schemes  that  can  detect  the  abnormal  location 
when  AD  exceeds  certain  distances. 

4  NORM:  Neighbor  Observation 
Mechanism 

In  this  section,  we  present  our  Neighbor  ObseRvation 
Mechanism  (NORM)  for  position  verification  of  wireless 
devices  and  sensor  nodes.  NORM  is  a  software  component 
deployed  in  each  sensor  node.  Comparing  to  prior  position 
verification  techniques,  [Capkun  and  Hubaux  2005;  Du 
et  al.  2005],  the  main  advantage  of  NORM  is  that  it  does  not 
require  special  hardware,  deployment  knowledge,  or  a  cen¬ 
tral  verification  center.  NORM  performs  position  verifica¬ 
tion  of  a  sensor  node  in  a  fully  distributed  way,  depending 
on  the  spatial  consistency  relationship  inherited  between  a 
sensor  node  and  its  neighbors.  We  next  describe  three  de¬ 
tecting  schemes  we  developed  in  NORM.  For  illustration 
purpose,  we  use  the  example  when  a  sensor  node  Sb  needs 
to  verify  the  reported  location  of  the  sensor  node  Sa- 

4.1  Defeating  Naive  Adversaries 

Neighbor  Examination  (NE)  Scheme:  The  NE 

scheme  performs  position  verification  based  on  the  direct 
response  from  neighbors  of  the  node  under  verification,  i.e., 
Sa-  The  sensor  node  S n  issues  a  special  verification  re¬ 
quest  to  each  neighbor,  Si,  with  i  =  1,2,  ...N  ( N  is  the 
total  number  of  neighbors),  reported  in  the  neighbor  list 


of  the  client  sensor  Sa,  and  asks  whether  it  has  Sa  in  its 
neighbor  list.  When  the  sensor  Si  receives  the  request,  if 
Si  has  £4  in  its  neighbor  list,  £,  confirms  and  reports  its 
current  position  Pi  back.  If  Si  is  compromised  by  the  ad¬ 
versary,  based  on  our  adversary  model.  Si  will  keep  silent 
and  does  not  respond.  We  then  define  the  neighbor  exami¬ 
nation  probability  Pex  as 


where  K  is  the  total  number  of  neighbors  that  responds  to 
the  request  from  Sb-  If  Pex  >  ol  where  a  is  the  confidence 
level,  Sb  determines  that  £4  passes  the  neighbor  exami¬ 
nation.  A  naive  adversary,  who  sends  an  arbitrary  neigh¬ 
bor  list  or  reports  neighbors  around  location  P  when  lying 
about  the  location  of  the  compromised  sensor  node,  will 
thus  result  in  Pex  <  a  and  fail  the  neighbor  examination 
scheme. 

4.2  Defeating  Sophisticated  Adversaries 

A  sophisticated  adversary  may  claim  that  the  compro¬ 
mised  sensor  node  is  at  location  P,  but  report  the  neigh¬ 
boring  nodes  around  sensor’s  true  location  Pq.  The  NE 
scheme  cannot  detect  the  abnormal  locations  reported  by 
sophisticated  adversaries.  The  Neighbor  Verification  and 
the  Neighbor  Localization  schemes  are  thus  developed  to 
detect  abnormal  locations  reported  by  sophisticated  adver¬ 
saries  that  send  the  neighboring  information  around  the  true 
location  of  the  node  under  verification  to  trick  the  system. 

Neighbor  Verification  (NV)  Scheme:  Like  in  the  NE 
scheme,  £ b  first  issues  a  special  verification  request  to  each 
neighbor,  St  with  i  —  1,2,  ...IV,  reported  in  the  neighbor 
list  of  the  client  sensor  Sa,  and  asks  whether  it  has  £4  in 
its  neighbor  list.  When  the  sensor  £,;  receives  the  request, 
if  Si  has  Sa  in  its  neighbor  list,  £,  confirms  and  reports  its 
current  position  Pi  back.  Based  on  the  reported  positions  of 
the  responded  neighbors,  Sb  then  needs  to  conduct  further 
neighbor  verification.  Given  that  the  neighboring  nodes  of 
Sa  must  be  within  the  communication  range  Ra  of  Sa, 
the  distance  between  the  estimated  locations  of  Sa  and  its 
neighbor  \\Pa  —  P,\\  should  be  within  Ra  for  an  honest 
sensor  node.  Sb  could  complete  the  position  verification 
of  SA  if  | \Pa  -  Pi  1 1  <  Ra  for  all  i  =  1...K. 

However,  since  there  are  localization  errors  from  the 
location  estimation  process  [Bahl  and  Padmanabhan  2000; 
Elnahrawy  et  al.  2004],  we  define 

\\PA-Pi\\  <RA  +  r,  (2) 

where  r  is  a  random  variable  introduced  by  localization  er¬ 
rors.  We  may  assume  localization  errors  are  Gaussian.  Un¬ 
der  this  assumption,  r  also  follows  a  Gaussian  distribution 
with  mean  /i  and  variance  <7.  Thus  the  probability  that  PA 
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Figure  2:  Illustration  of  the  Neighbor  Localization  (NL) 
scheme. 


and  Pi  are  neighbors  is  given  by 


Pr(Px)  =  Pr{r  >  (\\PA  ~  Pl\\ -  Ra)) 

=  1  —  F(\\Pa  —  -Pi||  —  Ra),  (3) 

with  F(r)  as  the  Cumulative  Distribution  Function  of  r, 


F(r)  = 


-7L=  I"  exp(— 
v/27 rcr2  7-oo 


0~  T? 

2a2 


)  du.  (4) 


Further,  we  define  the  neighbor  verification  probability 
Pve,  which  is  the  joint  probability  that  all  P, ,  i  = 
are  the  neighbors  of  PA  as: 


K 


Pve  =  l[Pr(Pl). 


(5) 


We  then  set  a  confidence  level  /3  such  that  if  Pve  >  (3,  we 
declare  that  SA  passes  the  Neighbor  Verification  scheme. 
Otherwise,  the  reported  location  information  of  Sa  is  de¬ 
clared  as  compromised. 

Neighbor  Localization  (NL)  Scheme:  The  NL 

scheme  utilizes  the  location  of  Sa’ s  neighboring  nodes  to 
estimate  the  position  of  Sa  and  further  to  verify  the  re¬ 
ported  position  of  Sa-  The  estimated  position  P  of  Sa  is 
expressed  as: 

1  K 

P=kY,(x"y&  (6) 

i= 1 

where  K  is  the  total  number  of  responded  neighbors  to  S n, 
(. Xi,Yi )  is  the  position  of  the  ith  neighbor.  Under  the  nor¬ 
mal  situation,  the  distance  between  the  sensor  node  Sa’ s 
true  location  Pq  and  the  estimated  location  P  from  NL 
scheme  should  be  small.  However,  if  Sa  is  compromised, 
the  distance  between  the  reported  location  P  of  Sa  and  P 
should  be  large. 

As  illustrated  in  Figure  2,  the  distance  between  Pq 
and  P  is  much  smaller  than  the  distance  between  P  and 
P.  Therefore,  we  define  a  Maximum  Tolerable  Distance 
(MTD)  as  the  threshold  of  declaring  the  abnormal  loca¬ 
tion  in  NL  scheme.  In  particular,  let  D  =  \\P  -  /|  | .  If 


D  >  MTD,  NL  scheme  declares  the  location  reported  by 
Sa  is  compromised. 

5  SIMULATION  RESULTS 


In  this  section,  we  first  present  our  evaluation  metrics. 
We  then  introduce  the  simulation  methodology.  We  next 
present  our  simulation  results. 

5.1  Evaluation  Metrics 

In  order  to  evaluate  the  performance  of  NORM,  we  use 
the  following  metrics: 

Detection  Rate:  The  detection  rate  is  defined  as  the 
percentage  of  actual  abnormal  location  that  are  determined 
to  be  abnormal: 

DR=W  (?) 

where  Ntp  is  the  number  of  abnormal  locations,  i.e.,  true 
positive,  detected  by  NORM  and  Np  is  the  total  number  of 
abnormal  locations,  i.e.,  positive. 

False  Positive  Rate:  The  false  positive  rate  is  defined 
as  the  percentage  of  normal  location  that  are  falsely  deter¬ 
mined  to  be  abnormal  location: 

FPR=^,  (8) 

where  Nfp  is  the  number  of  normal  locations  falsely  deter¬ 
mined  to  be  abnormal  locations,  i.e.,  false  positive,  and  Nn 
is  the  total  number  of  normal  locations. 

Receiver  Operating  Characteristic  (ROC)  curve: 
To  evaluate  NORM  we  want  to  study  the  false  positive 
rate  and  detection  rate  together.  The  ROC  curve  is  a  plot 
of  the  detection  accuracy  of  the  abnormal  location  against 
the  false  positive  detection.  It  can  be  obtained  by  varying 
the  detection  thresholds.  The  ROC  curve  provides  a  direct 
means  to  measure  the  trade  off  between  false-positive  and 
correct  detections. 

5.2  Simulation  Methodology 

In  our  simulation  setup,  we  deploy  200  to  500  sensors 
randomly  in  a  350m  x  350m  square  field.  The  commu¬ 
nication  range  of  the  sensor  node  is  modeled  to  follow  a 
Gaussian  distribution  with  mean  at  30m  and  standard  devi¬ 
ation  as  2m.  Under  this  setup  each  sensor  node  can  observe 
average  number  of  neighbors  ranging  from  4  to  1 1.  Further, 
we  simulate  the  localization  error  of  a  sensor  node  by  mod¬ 
eling  the  localization  errors  of  the  X  and  Y  coordinates  to 
follow  a  Gaussian  distribution  with  zero  mean  and  standard 
deviation  of  3m.  This  corresponds  to  the  localization  error 
with  a  median  of  3m  and  can  range  from  0  to  11m,  which 
is  inline  with  previous  experimental  findings  [Elnahrawy 
et  al.  2004], 
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Figure  3:  Naive  Adversaries:  Receiver  Operating  Charac¬ 
teristic  (ROC)  curve  for  impact  of  anomaly  distance. 

We  then  randomly  choose  sensor  nodes  that  are  com¬ 
promised  by  adversaries.  The  default  percentage  of  com¬ 
promised  sensor  nodes  is  set  to  0. 1 .  Based  on  our  adversary 
model,  a  compromised  sensor  node  will  keep  silent  when 
receiving  special  verification  requests.  To  evaluate  the  ef¬ 
fectiveness  of  NORM,  we  vary  Anomaly  Distance  (AD), 
percentage  of  compromised  sensor  nodes,  network  density 
and  localization  error  in  our  simulation  study. 

5.3  Evaluation  Results 

Impact  of  Anomaly  Distance  (AD):  Figure  3  presents 
the  ROC  curve  under  various  Anomaly  Distance  when  the 
Neighbor  Examination  (NE)  scheme  is  used  to  detect  ab¬ 
normal  locations  caused  by  naive  adversaries.  We  observed 
that  NE  scheme  can  achieve  detection  rates  over  95%  when 
the  FPR  is  less  than  10%.  For  the  case  of  AD  =  25 to, 
which  is  less  than  the  average  communication  range  (i.e., 
30m)  of  sensor  nodes,  the  detection  rate  is  above  90% 
when  the  FPR  reaches  5%.  Further,  the  detection  rate 
achieves  99%  when  the  false  positive  rate  is  5%  for  the  case 
of  AD  =  40m.  Moreover,  we  found  that  the  larger  the  AD 
is,  the  higher  the  detection  rate  can  achieve.  Specifically, 
by  examining  the  condition  of  FPR  =  0.05  the  detection 
rate  increases  from  91%  to  over  99%  when  AD  increases 
from  25m  to  40m. 

Figure  4  presents  the  ROC  curves  under  various 
Anomaly  Distance  when  NV  and  NL  schemes  are  used  re¬ 
spectively  to  detect  the  abnormal  locations  caused  by  so¬ 
phisticated  adversaries.  Both  NV  as  well  as  NL  schemes 
present  similar  detection  performance  to  NE  scheme  when 
AD  ranges  from  25m  to  40m:  the  detection  rate  increases 
with  the  increasing  of  the  Anomaly  Distance.  In  particular, 
the  detection  rates  are  above  92%  when  the  FPR  is  5%  for 
both  NV  and  NL  schemes  under  the  case  of  AD  =  25 to. 
The  detection  rates  are  close  to  100%  when  the  FPR  is  5% 
for  both  NV  and  NL  schemes  under  the  case  of  AD  = 
40 m.  This  indicates  our  position  verification  schemes  are 


Figure  4:  Sophisticated  Adversaries:  Receiver  Operating 
Characteristic  (ROC)  curve  for  impact  of  Anomaly  Dis¬ 
tance. 


Figure  5:  Impact  of  network  density. 

effective  in  detecting  abnormal  locations  caused  by  both 
naive  as  well  as  sophisticated  adversaries.  We  further  ob¬ 
served  that  NV  scheme  outperforms  NL  scheme  when  FPR 
is  below  5%,  whereas  NL  scheme  outperforms  NV  scheme 
when  FPR  is  above  5%.  Therefore,  we  can  choose  proper 
detection  schemes  according  to  the  application  tolerance  to 
the  false  positive  rate. 

Impact  of  Network  Density:  By  varying  the  num¬ 
ber  of  sensor  nodes  from  200  to  500  in  our  simulated  net¬ 
works,  we  evaluated  how  the  network  density  impact  the 
performance  of  NORM.  In  this  setup,  each  sensor  node  can 
observe  in  average  4  neighbors  for  the  deployment  of  200 
sensors  and  11  neighbors  for  the  deployment  of  500  sen¬ 
sors  in  the  network  respectively.  Figure  5  presents  the  de¬ 
tection  rate  versus  number  of  sensor  nodes  under  all  three 
schemes.  We  observed  that  the  detection  rate  increases 
with  the  increasing  of  network  density.  In  particular,  when 
the  number  of  sensors  increases  from  200  to  500,  the  detec¬ 
tion  rate  increases  from  85%  to  98%  for  NV  scheme,  from 
90%  to  99%  for  NE  scheme  and  from  83%  to  98%  for  NL 
scheme  respectively,  under  the  condition  of  FPR  less  than 
10%.  Further,  we  found  that  NV  scheme  outperforms  NL 
scheme  when  the  number  of  sensors  is  small  (e.g.  200), 
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Figure  6:  Impact  of  Percentage  of  Compromised  Sensor 
Nodes  in  Network. 


whereas  the  NL  scheme  outperforms  NV  scheme  when  the 
number  of  sensors  is  large  (e.g.  500).  Since  NL  scheme 
relies  on  positions  of  neighbors  to  estimate  the  location  of 
a  sensor  node,  the  denser  the  network,  the  more  accurate 
the  position  estimation  can  become  and  thus  the  higher  de¬ 
tection  rate  NL  scheme  can  achieve.  Hence,  based  on  dif¬ 
ferent  network  density,  we  can  choose  different  schemes  to 
perform  position  verification. 

Impact  of  Percentage  of  Compromised  Sensor 
Nodes:  We  vary  the  percentage  of  compromised  sensor 
nodes  in  the  network  to  evaluate  the  robustness  of  NORM 
when  large  number  of  nodes  are  compromised  in  the  net¬ 
work.  Figure  6  presents  the  relationship  between  the  detec¬ 
tion  rate  and  the  percentage  of  compromised  sensor  nodes. 
The  false  positive  rate  is  set  at  10%  and  the  Anomaly  Dis¬ 
tance  equals  to  30to. 

As  shown  in  Figure  6,  the  detection  rates  of  the  three 
schemes  drop  gradually  from  above  98%  to  80%  as  the  per¬ 
centage  of  compromised  nodes  increases  from  10%  to  60%. 
A  key  observation  of  this  experiment  is  that  the  perfor¬ 
mance  of  NORM  is  still  over  80%  even  when  the  percent¬ 
age  of  compromised  nodes  is  extensively  large  (i.e.  60%), 
which  indicates  that  NORM  is  robust  in  detecting  abnormal 
locations  under  the  situation  when  large  number  of  nodes 
are  compromised. 

Impact  of  Localization  Error  of  Sensor  Nodes:  We 

further  examine  how  the  localization  error  can  impact  the 
performance  of  NORM.  In  this  experiment,  we  vary  the 
standard  deviation  of  the  localization  error  of  the  X  and  Y 
coordinates  of  a  sensor  node  from  lm  to  5m.  We  note  that 
lm  standard  deviation  corresponds  to  a  mean  localization 
error  of  1.3m,  whereas  5m  standard  deviation  corresponds 
to  a  mean  localization  error  of  6.3 m.  The  Anomaly  Dis¬ 
tance  is  maintained  at  30m  and  the  false  positive  rate  is  set 
to  5%  and  10%  respectively. 

Figure  7  presents  the  detection  rates  of  all  three 
schemes  versus  the  standard  deviation.  We  observed  that 
overall  the  detection  rates  are  decreasing  when  the  local¬ 


Standard  Deviation  of  Localization  Error  of  X  and  Y  Coordiantes  (m) 


Figure  7:  Impact  of  Localization  Error  of  Sensor  Nodes. 


ization  error  is  increasing  for  all  three  schemes.  And  the 
detection  rates  of  NL  and  NV  schemes  can  approach  100% 
no  matter  the  FPR  is  5%  or  10%  when  the  mean  localiza¬ 
tion  error  is  around  1.3m  with  a  corresponding  standard 
deviation  of  lm.  Interestingly,  we  found  that  NE  scheme  is 
not  as  sensitive  as  NV  and  NL  schemes  to  the  localization 
error.  Specifically,  the  decreasing  of  the  detection  rate  of 
NE  schemes  is  about  1%,  whereas  it  is  4%  for  NL  scheme 
and  8.5%  for  NV  scheme  when  the  mean  localization  er¬ 
ror  ranges  from  1.3m  to  6.3m.  This  is  because  NE  scheme 
does  not  use  the  positions  of  sensor  nodes  (i.e.  neighboring 
nodes)  directly,  and  thus  the  performance  of  NE  scheme 
is  more  stable  under  various  localization  errors  than  other 
schemes  that  rely  on  the  positions  of  sensor  nodes. 

6  CONCLUSION 


In  this  work,  we  proposed  a  Neighbor  ObseRvation 
Mechanism  (NORM)  to  perform  position  verification  in 
wireless  sensor  networks,  especially  for  tactical  environ¬ 
ments.  Three  schemes.  Neighbor  Examination  scheme. 
Neighbor  Verification  scheme,  and  Neighbor  Localization 
scheme,  are  developed  in  NORM  to  detect  abnormal  lo¬ 
cations  caused  by  both  naive  as  well  as  sophisticated  ad¬ 
versaries.  NORM  conducts  position  verification  in  a  fully 
distributed  way  depending  on  the  spatial  consistency  re¬ 
lationship  inherited  between  a  sensor  node  and  its  neigh¬ 
bors.  The  main  advantage  of  NORM  is  that  it  does  not 
require  special  hardware,  network  deployment  knowledge, 
or  a  central  verification  server.  Simulation  results  demon¬ 
strated  that  NORM  is  effective  in  detecting  abnormal  loca¬ 
tions  and  is  robust  when  a  high  percentage  of  sensor  nodes 
are  compromised.  Further,  we  found  that  our  three  posi¬ 
tion  verification  schemes  can  be  applied  to  different  net¬ 
work  scenarios  based  on  application  requirements. 
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